[codesyntax lang="bash"]
#!/bin/bash
# By Ed Wiget
# This script sets up a proxy so that you can audit web servers anonymously over tor
# 20111113 - initial script (better method)

# enable next line for debugging
#set -x

echo "Please enter the ip address of the target host or a domain name"
read -r dom

# this checks to see if we set a domain name or ip address
# it sets the variable IP to the ip address of domain or ip entered
# if you are auditing more than .com, .net, .org, .edu addresses, you need to add them below
if echo "${dom}" | grep -Eq '\.(com|net|org|edu)$'; then
    # resolve through tor so the lookup does not leak to the local resolver
    IP=$(tor-resolve "${dom}")
else
    IP=${dom}
fi

# stop here if nothing was entered or tor-resolve returned nothing
if [ -z "${IP}" ]; then
    echo "could not determine the target ip address"
    exit 1
fi

# for debugging to make sure we are setting IP correctly
#echo ${IP}

# here we set up a socat proxy listening on localhost port 8080
# it forwards any tcp requests to ${IP} port 80
# via the socks tor listening on localhost 9050
# bind=127.0.0.1 keeps the listener on loopback only, as the comment above intends
sudo socat TCP4-LISTEN:8080,bind=127.0.0.1,fork SOCKS4:127.0.0.1:"${IP}":80,socksport=9050 &

# the sleep is required or the check for listening fails below
sleep 2
if sudo netstat -ptane | grep -q ':8080 .*LISTEN'; then
    echo "proxy started successfully"
else
    echo "proxy not running"
    exit 1
fi

# here we are going to check port 80 for a web server which will likely tell us the
# operating system too via the results
sudo proxychains nmap -sT -PN -n -sV "${IP}" -p80

# here we need to set up w3af_gui running as root in order to connect to our proxy
echo "when w3af opens, click on advanced target settings"
sleep 1
echo "set the target ip in w3af to http://127.0.0.1:8080"
sleep 1
echo "set the targetos and targetframework in w3af as returned by the nmap check above"
sleep 1
sudo /pentest/web/w3af/w3af_gui &
[/codesyntax]
So now you can audit a web app using w3af. If you want to use Nessus or Metasploit instead, just plug in the address as 127.0.0.1:8080.